Gmail for Alert E-Mails

Forum|Forum|15 years ago
June 29, 2010
4 replies
6405 views

Has anyone tried or does anyone know if it is possible to use smtp.gmail.com to send alert emails from the FortiGate (or FortiAnalyzer)? I have tried using ' smtp.gmail.com' and entering my username@gmail.com for smtp user and my gmail password, but still no luck. I have been having trouble getting alert emails to send from both the FortiGate and FortiAnalyzer.

billp

New Member

We' re running into the same problem with other software configured to send alerts. . . smtp.gmail.com requires an encrypted connection. See: http://mail.google.com/support/bin/answer.py?answer=78799 Specifically, Please note that if your client does not support SMTP authentication, you won' t be able to send mail through your client using your Gmail address. The short answer is no, you can' t use smtp.gmail.com to send alerts because it doesn' t support unencrypted emails, and the Fortigate doesn' t support encrypted emails. We will probably have to build our own in-house smtp server to handle the things like this. Suggestions on work-arounds are welcome

abelio

SuperUser

The short answer is no, you can' t use smtp.gmail.com to send alerts because it doesn' t support unencrypted emails, and the Fortigate doesn' t support encrypted emails.

It' s no matter of encryption or not; it' s a matter of ports. smtp.googlemail.com uses 465/tcp submission port for the connection., and in your fortigate you cannot use (yet) another port than 25/tcp for email alerts BTW, FTG' s email alerts smtp support authentication for years ago, (picture included)

Mj24417.jpg

A

Anonymous_UserAuthor

Contributor

Actually Abel, you can set the FortiGate alert-email SMTP port to anything via the CLI. See: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31861&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=7528496&stateId=0%200%207526635 I have tried using smtp.gmail.com with ports 465 and 587 as suggested in the link that billp posted, both with no luck. I instantly receive a " Fortigate was unable to send alert-email" in the event log. Encryption might be the problem. We also have an in-house MS Exchange server that I am unable to send alert emails from.

abelio

SuperUser

ORIGINAL: mike0 Actually Abel, you can set the FortiGate alert-email SMTP port to anything via the CLI. See: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31861&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=7528496&stateId=0%200%207526635

Indeed, thanks for the link!

billp

New Member

Abel, I quoted the wrong part of the gmail link -- In addition to authentication, the Google SMTP server requires TLS encryption when sending. Fortigate doesn' t support TLS when sending email alert messages. I found this to a be a problem with most systems that are not email clients per-se.

abelio

SuperUser

In addition to authentication, the Google SMTP server requires TLS encryption when sending. Fortigate doesn' t support TLS when sending email alert messages.

Indeed Bill, it seems that the only way to connect to google is starting tls first, independiently of authentication process; there' s no option for talk smtp with no issuing starttls comand first, and FGT doesn' t send starttls command.

  [abel@ ~]$ telnet smtp.googlemail.com  587  Trying 74.125.45.16...  Connected to smtp.googlemail.com (74.125.45.16).  Escape character is ' ^]' .  220 mx.google.com ESMTP b6sm63037707ani.1  ehlo  250-mx.google.com at your service, [xxx.xxx.xxx.xxx]  250-SIZE 35651584  250-8BITMIME  250-STARTTLS  250 ENHANCEDSTATUSCODES

regards and my apologies for the misunderstanding.

SECCON1MC

New Member

Here is a different direction. Since you will be sending to your gmail account, just use the MX record for gmail:

;; QUESTION SECTION:  ;gmail.com.			IN	MX    ;; ANSWER SECTION:  gmail.com.		1251	IN	MX	40 alt4.gmail-smtp-in.l.google.com.  gmail.com.		1251	IN	MX	5 gmail-smtp-in.l.google.com.  gmail.com.		1251	IN	MX	10 alt1.gmail-smtp-in.l.google.com.  gmail.com.		1251	IN	MX	20 alt2.gmail-smtp-in.l.google.com.  gmail.com.		1251	IN	MX	30 alt3.gmail-smtp-in.l.google.com.

in this case gmail-smtp-in.l.google.com should work fine. [ul]

Set your FortiGate to not to authenticate

You may need to provide a valid email address that is not your gmail address to get past the spam filters

Make sure you do not try to relay as that will obviously not work and will just make the mighty google mad. [/ul] Good Luck ~Matt

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded